Merge "[OVN] Use elevated context to retrieve subnet in router port configuration" into stable/2023.1

Zuul · openstack-gerrit · commit da292ca38d0b · 2024-02-07T19:50:58.000Z
diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
@@ -1203,7 +1203,13 @@ def _get_nets_and_ipv6_ra_confs_for_router_port(self, context, port):
 
         for fixed_ip in port_fixed_ips:
             subnet_id = fixed_ip['subnet_id']
-            subnet = self._plugin.get_subnet(context, subnet_id)
+            # NOTE(ralonsoh): it is needed to use the "admin" context here to
+            # retrieve the subnet. The subnet object is not handling correctly
+            # the RBAC filtering because is not filtering by
+            # "access_as_external", as network object is doing in
+            # ``_network_filter_hook``. See LP#2051831.
+            # TODO(ralonsoh): once LP#2051831 is fixed, remove "elevated()".
+            subnet = self._plugin.get_subnet(context.elevated(), subnet_id)
             cidr = netaddr.IPNetwork(subnet['cidr'])
             networks.add("%s/%s" % (fixed_ip['ip_address'],
                                     str(cidr.prefixlen)))
